General
-
Target
.bat.exe
-
Size
40KB
-
Sample
240301-xwylbscb74
-
MD5
a87188c2c1a6d350f7b01c4cf863a278
-
SHA1
20fd2314637916ee2b15ce8546e98487083c65c5
-
SHA256
5c5d9cee9ba4afd8bb85247f02bf0dee53c9043a8be50522f9c2788308da7555
-
SHA512
75a049188d08c7dbcd46845135546435b4b28e32e8480eedcb5e227b61d10bb714f4c6a08303a247b892b3b864fbb5fdd7e73acba95f60f4537449afc861fbc3
-
SSDEEP
768:+UNsKVKeh76p4m78H55Iy7KLb17sTVE6xAMlgsMzVPNd6pkdT1v5oYvntPc9v:+xHw6pXeyMKLCprFHOT1v7k
Static task
static1
Behavioral task
behavioral1
Sample
.bat.exe
Resource
win7-20240221-en
Malware Config
Extracted
gozi
Targets
-
-
Target
.bat.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-